Laravel Websockets - Private Channel - laravel

I am fiddling with Laravel websockets for the first time.
Currently i am just using plain JS WebSocket client (not Laravel Echo).
They way i see it, laravel echo provides an 'authEndpoint' for private and presence channels.
This allows you to create Broadcast::channel() callback that looks like this
Broadcast::channel('App.User.{id}', function ($user, $id) {
return (int) $user->id === (int) $id;
});
What puzzles me now, is that when i make a websocket connection with the WebSocket native client and i dont provide the auth endpoint, i can just subscribe to my private channel, and thus bypass all auth completely?
Is this correct or am i missing something?
My goal is to have private channels that reject access is the auth endpoint was not provided.

What does your broadcast routing look like? Any middleware?
From Laravel:
Broadcast::channel('channel', function () {
// ...
}, ['guards' => ['web', 'admin']]);

Related

Handling logout on private channel Laravel 9 Websockets

I am making a Laravel 9 application involving websockets. I've made a private channel in the 'routes/channels.php' as following:
Broadcast::channel('User.{id}', function ($user, $id) {
return (int) $user->id === (int) $id;
});
It succesfully only allows authenticated users to join the channel and receive events. But the problem is, if I open two browser tabs, and logout at one, the other one is still 'authenticated' in the channel and is still able to receive new events. I want to make sure that if the user logs out of their account, he does not have access to the private channel anymore. How would this be possible?

How does Laravel Model Broadcasting deal with private channel auth? And some other questions about broadcasting in Laravel

I'm working on a simple chat web app using Laravel.
I've decided to use the Model broadcasting routine here.
But I don't know how model broadcasting authorize users.
I know the standard method is like:
Broadcast::channel('orders.{orderId}', function ($user, $orderId) {
return $user->id === Order::findOrNew($orderId)->user_id;
});
While model broadcasting also broadcasts on private channels, the docs doesn't describe if developers need to set up authorization callbacks.
So, do I need to create a private channel authorization callback like:
Broadcast::channel('App.User.{userId}', function ($user, $userId) {
return $user->id === userId;
});
And the second question: can I create different private channels authorization callbacks for different auth guards like:
Broadcast::channel('channel.{memberId}', function ($member, $memberId) {
// ...
}, ['guards' => ['member']]);
Broadcast::channel('channel.{adminId}', function ($admin, $adminId) {
// ...
}, ['guards' => ['admin']]);
The last question: does the broadcasting in Laravel support client-to-client broadcasting? Because I need to limit who can send messages to specific channels, if the client-to-client behavior exists it may effect the privacy of users in my app.
My native language is not English. Sorry if my words are not clear.

laravel broadcast channel is not calling after changing auth endpoint

i am developing teacher and student chat system in laravel and vuejs using pusher. So as i read from documentation that laravel by default do the user authentication for private and presence channel so both my model are different one is student and other one is teacher both are not extend from Authenticatable so what i did is change the authendpoint and make a new route and return the pusher ath:key i,m successfully doing that but now the problem is after returning auth response Echo.private is not calling my channel
This is my Channel.php file code
Broadcast::channel('student-messages.{id}', function($id) {
return true;
},['guards'=>['web']]);
This is my chat app file code
window.Echo.private(`student-messages.${this.student.id}`)
.listen('NewMessage',(e)=>{
console.log(e);
});
This is my route in web.php
Route::post('/custom/endpoint/auth',function (Request $request){
$pusher = new Pusher\Pusher(env('PUSHER_APP_KEY'),env('PUSHER_APP_SECRET'), env('PUSHER_APP_ID'));
return $pusher->socket_auth($request->request->get('channel_name'),$request->request->get('socket_id'));
});

Laravel Echo not subscribing to pusher channel

I am not able to listen for a notification in a private channel. When I try to connect to the channel I can see in the pusher debug console that a connection is attempted but then it does not say subscribed. If I try to log the channel to the console it says subscriptionPending: true.
I am using the following code:
window.Echo.private(`App.Models.User.User.${Laravel.userId}`).notification((notification) => {
console.log(notification);
})
I have not tried a .listen method after the .private method as I am listening for a notification to be emitted from Laravel.
Here is the contents of my channels.php file for authenticating the user
Broadcast::channel('App.Models.User.User.{id}', function ($user, $id) {
return (int) $user->id === (int) $id;
});```
Turns out I was subscribing to the wrong channel, forgot my User model was in a directory called Users not User

API endpoint in Laravel hook

Is it possible to establish an API endpoint in a laravel voyager hook?
All the documentation I can find shows how to set up a listener for a web request, but these endpoints will not take a post.
Just create the post route in your api routes file.
Example:
// routes/api.php
<?php
Route::post('/webhooks', 'WebhooksController');
// app/Http/Controllers/Api/WebhooksController
public function __invoke(Request $request)
{
// handle webhook
}
Then posting data to yourapp.test/api/webhooks should work.

Resources